2630784457253085d1bfcf955643336e648f1826a60d3b6658cd1735e5490081

Analysis

max time kernel
80s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

icyloader.exe
Size

18.6MB
MD5

87a1d5d53368a1762fe8decccb827863
SHA1

4b631c8795771f67359415997486c30dce0e55c3
SHA256

589c258c01a882e5cb4a4c53de7f3b9d55ec9f904a787a1db759743680fb4391
SHA512

095027f03b79479634b8beb399919d22e1567421da099c3bc8247231e49537f90cb1b4e05b165bd48177b007f80723ae8eef125df9fd586192f167bff6b9ed6e
SSDEEP

393216:HqPnLFXlrP2Q8DOETgsCKfGFOgnPvE1T+d4QxWqN:KPLFXNuQhECoCU1g4IN

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

icyloader.exe

pid process

1812 icyloader.exe
1812 icyloader.exe
1812 icyloader.exe
1812 icyloader.exe
1812 icyloader.exe
1812 icyloader.exe
1812 icyloader.exe
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\_MEI28442\python310.dll upx

pid	process
1812	icyloader.exe
1812	icyloader.exe
1812	icyloader.exe
1812	icyloader.exe
1812	icyloader.exe
1812	icyloader.exe
1812	icyloader.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI28442\python310.dll	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2588 chrome.exe
2588 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

icyloader.exechrome.exe

description	pid	process	target process
PID 2844 wrote to memory of 1812	2844	icyloader.exe	icyloader.exe
PID 2844 wrote to memory of 1812	2844	icyloader.exe	icyloader.exe
PID 2844 wrote to memory of 1812	2844	icyloader.exe	icyloader.exe
PID 2588 wrote to memory of 2636	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2636	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2636	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2612	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2432	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2432	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2432	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2500	2588	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\icyloader.exe
"C:\Users\Admin\AppData\Local\Temp\icyloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\icyloader.exe
"C:\Users\Admin\AppData\Local\Temp\icyloader.exe"
2⤵
- Loads dropped DLL
PID:1812

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6039758,0x7fef6039768,0x7fef6039778
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:2
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:8
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:2
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1568 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:8
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f4f7688,0x13f4f7698,0x13f4f76a8
3⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3944 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3452 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3016 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2496 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2364 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1752 --field-trial-handle=1316,i,15239153698202485772,4195521510627560388,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2296

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
252e8709663951c4f6b3f4689e508c85

SHA1
0920c55379f801681a5bbc335c26e5e24cf7a968

SHA256
e3f232c419cbb5d4f6bd89ae42d8be67881785fd6144c86bdab8e8cad56aa063

SHA512
086eada1fd10aca27ff32025b4a2853314572696d9f34223b584d97e5c4f9557a43b12e587abb5fd4aab0f2ff4e6467bda296b490a3461a6c509f357a27da4f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ef9d07d981e49d0efc1994cd7ab8c0f5

SHA1
bf09e6f528215c18e247147ed63310bcd59cc1e4

SHA256
c084dc41449127495a9d981182d779d95328611785ef5870a1a741c046acc48b

SHA512
fe54f1c3a10083103516b21e2a593f75c0565659e5250d1dfb3457c42849d91712a300ac8aaa3041c78bab2e8dd4566421e8aca007010c2527c36471b979ebec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3e480bdf272762cb587af5b7f3246d6c

SHA1
351ad285e7b2cabe5e9dae4b6c288c19eea7206a

SHA256
fdb55463f9650d80ce5598f3c614c5bd23bdb9021f7036cc883a7cd758141c6f

SHA512
7be8a83ab884217c5617c842e5829ce63248900802b35c3f05c75179fc36b99f4ee6a658ddcd84b04f16ba25a278a6e7390ff2c7372f59ae727c5adabeaf7953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4f10441f902e14d6289d12b7e440e581

SHA1
42bd57cc2669507af3e4fb436d032d93bfff04db

SHA256
d6dd04677b3e4aa4d79feb177303a7a912572b73ac8a3a0fddf7aeaa7a635bde

SHA512
d8f2278ef73cf804efd6155d0c3762703ffc3ec1280d4486110b5ce024e887d02c2a32f495df6dcad836a0a5473712ee024414cce5f3ec8476f7c6b201a52e24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0ba31b30470cf4248f91ca3f390788e9

SHA1
09e9a19461148c35365754534d7d9e8eb5c3dcf3

SHA256
dd122a56f95e58765f258f2f6cc7ce5d988063ab704d9cf38663a1ccb9d91011

SHA512
069676c9f18771a932fd0d8e5674cc02bcdcf6cbe6c9aad11225104b8fd9c9407db40a73d11301284a9fd36d6a4df77f132f9cff2ff1fa16de3fa6b24533656f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
091ac8d13e0c0e8786dd22c1a19bed06

SHA1
5c0f251a3cfc6fe9bb33dd4edeccd4c30cc6c6db

SHA256
76dd29c802d1f67599b25d783714f38c100f21d9ee30ecfd834cba9ad85370b5

SHA512
8eb191fdffdcbd5ad13e7e35bb7d92a0bc1649d88d4df6a24b5876bfb14a334de443b156c0178a458da93487bb58f9966b11ffc0c08057791779c72325c4cf0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
94b53e19033fba1147762ce59eab486f

SHA1
69c9950e34d78cc0dd91418bb6851f5dc00dc188

SHA256
7601f15d59e201e472d2680bd431179f53f232be4a13c3a440bb0e4eb48edb95

SHA512
36936abe03473ec9a2edb2cd8e26ad729f4ff1a8a8c3b078fdfcc8366641cd58f77da525646ae9f388bc1115a578bd0fdfbb5b460515b22fc792b65606e3b2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
852B

MD5
2b909f87a04fc8cc519168820c2f9ae1

SHA1
491046dffedbbde6a250063e5695211930bd6471

SHA256
d742b30c03de3baef8a30faf72504df2495e16dae4f1d8df8b5fab7f980b0038

SHA512
03201fddd0ad72e8159e9cf454f05b5b75e76fd3494c62388f751ca3f058f0aaa18333e0816e235c45c1b880e59285c47be43436a4dfa53799a9cf55900cabcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
1453b9d542d41d5b0cd976b61803075f

SHA1
c035b437121100067490fbd671697605d19bc6d2

SHA256
ad4c632cc3fbe123c714b385501d11a7680683b9245c5bca0f4d756a854bb1f5

SHA512
f6bacfe1ec6e4bbb55b2415ef27da669bcc06ec7f5db9357eb7e061419146089ba0bbbbe593d492fc675b57a9512eadb4f22b8f3fa535d50526f390104dba5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
607982185b61a71fc34eec57c51d5f47

SHA1
d99f44145d8cc972c3f64c380aeca5201b8c9af8

SHA256
3f2e86cdc92b487987baa9051529b5ce8e8937c8c9f15bfce15aa06751c80ef4

SHA512
9ddd10ac15d76e0b9af97c56d7282d9617e21a2eba64b194b16081173c98bef9f8a8381f10bdb8be6ca2028ed3d87fda5cdaedbf9777965343b800c9af826997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2243c594915e7b6b9219f48080dd115b

SHA1
203c36c7c619ff72dff904229ffbb81e295af584

SHA256
5d21b88162d2733a720d2abde097d5351cee301530aa0555e4fe9e720486f87b

SHA512
420e2e40fa6352254b946cfec88b0014bbb1c82f31d947f045d83e9578be0a7dcbec7d6431f2d60ebe502764d2597cb4da77f592d36fb18513dc9ea4a7528339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f322eee6-79a8-4477-b672-ef258c726868.tmp
Filesize
7KB

MD5
f66d172a01a03a3ca80a7557f8264db1

SHA1
304045c6dff05d8b73055a9eb40d09682807a6d9

SHA256
ac0e41cba508cc3f20db2e0ef2ceaa2a6d791af6bc4524025c655a0a53ca0049

SHA512
a9cd2e357fdc1a3434183f134785b02ed2b79df1f6b9cdefd248b9eb3c2c6b4ac9060a6463d8eada23eb542b4392bd9c487ee2248327d1b61f118ae9dd862557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFABB.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
fa6953700659b11c2d82fb521d2e8664

SHA1
07c7d14fdfd1686a424820f77733d1d4f3c75e31

SHA256
4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e

SHA512
1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
621a34a36c202e4c4e59a6077c22cb5e

SHA1
ec696fd4e8e5935a722e88a551593593a12e882e

SHA256
746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079

SHA512
04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
2395f675152f25bdc501c1b698b3f70a

SHA1
829eb4dee9604330072c124b9bddf4a4e96a7c98

SHA256
4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563

SHA512
7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
81a255549e9b3467276810f94a67512d

SHA1
c3bf694f5d030d5a29ebb9ae70010be4571cec17

SHA256
8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2

SHA512
05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\ucrtbase.dll
Filesize
987KB

MD5
637c17ad8bccc838b0cf83ffb8e2c7fd

SHA1
b2dd2890668e589badb2ba61a27c1da503d73c39

SHA256
be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed

SHA512
f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

Download Submit
\??\pipe\crashpad_2588_GJYNVBTYAGOPWFGJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28442\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
59f3aeb2eda80ffc000b99f27ec99d14

SHA1
2961c514b480424b3512d424dcd7d295477b243a

SHA256
e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab

SHA512
ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

Download Submit
memory/1812-165-0x000007FEF67B0000-0x000007FEF6C1E000-memory.dmp

Filesize
4.4MB

Download